LookupAccountSid and trust relationship
Armand Welsh
armand at welshhome.org
Thu Dec 14 21:52:28 GMT 2000
*This message was transferred with a trial version of CommuniGate(tm) Pro*
cool, I will have to try that, to see how it works, essentially, that is
exactly what I was going to test tonight, but now I can feel pretty
confident that it will work. Instead of @root, I am going to create a
group called Adminsitrators just like NT uses, and set the line as "domain
admin group = @administrators" and see how that works, then I was also going
to play with aliasing root to administrator in the /etc/smbpasswd file. If
the account shows up as administrator on the win2k machine, then it will
feel more natural to me.
----- Original Message -----
From: "Torsten Curdt" <tcurdt at dff.st>
To: "Armand Welsh" <armand at welshhome.org>; <samba-ntdom at lists.samba.org>
Sent: Thursday, December 14, 2000 11:04 AM
Subject: RE: LookupAccountSid and trust relationship
> *This message was transferred with a trial version of CommuniGate(tm) Pro*
> > I have similar problem. What I noticed, (i think it's documented
> > in a .txt
> > file somwhere in the CVS tree) is that the win2K system does not
consider
> > Domain Admins to be a member of the Administrators group. And
> > It's not the
> > same group. Administrators is the local system adminsitrators
> > group. Since
> > samba doesn't support trusts yet, you can not add the Domain Admins
group,
> > or the domain user, to the administrators group on your win2k system;
this
> > function requires trusts to communicate the exchange of rights/perms).
>
> I just tried the following:
>
> domain admin user = root
> domain admin group = @root
>
> Which gave me now Administrator rights on the each local machine!!
> But still gives me the LookupAccountSid error!
>
> User Group Policy results for:
> DFF\root
> Domain Name: DFF
> Domain Type: Windows NT v4
> Roaming profile: \\mogh\profiles\root
> Local profile: C:\Dokumente und Einstellungen\root.DFF
> The user is a member of the following security groups:
> LookupAccountSid failed with 1789.
> \Jeder
> VORDEFINIERT\Benutzer
> VORDEFINIERT\Administratoren <---- YES!!!
> LookupAccountSid failed with 1789.
> LookupAccountSid failed with 1789.
> \LOKAL
> NT-AUTORIT-T\INTERAKTIV
> NT-AUTORIT-T\Authentifizierte Benutzer
> --
> Torsten
>
>
More information about the samba-ntdom
mailing list